bulletin-deploy 0.7.21 → 0.7.22-rc.1

package/dist/{chunk-VTTN4BX7.js → chunk-CIXT75OF.js}

@@ -1,11 +1,11 @@
 import {
   isTestnetSpecName
-} from "./chunk-4TS6R26J.js";
+} from "./chunk-WVCIU6WM.js";
 import {
   captureWarning,
   setDeployAttribute,
   withSpan
-} from "./chunk-2VNGK2MU.js";
+} from "./chunk-WNUWAA6F.js";
 
 // src/dotns.ts
 import crypto from "crypto";
@@ -236,6 +236,7 @@ function formatWeight(weight) {
   if (!weight) return "unknown";
   return `ref_time=${weight.referenceTime.toString()} proof_size=${weight.proofSize.toString()}`;
 }
+var BARE_REVERT_DIAGNOSTIC_FUNCTIONS = /* @__PURE__ */ new Set(["register", "commit", "setContenthash", "setSubnodeOwner", "setResolver"]);
 function formatContractDryRunFailure(gasEstimate, context) {
   const functionName = context.functionName ?? "unknown";
   const contractName = dotnsContractName(context.contractAddress, context.contracts);
@@ -253,8 +254,23 @@ function formatContractDryRunFailure(gasEstimate, context) {
     lines.push(`  calldata: ${context.encodedData}`);
     if (context.args) lines.push(`  args: ${stringifyDebugValue(context.args)}`);
   }
+  const revertData = gasEstimate.revertData;
+  const isBareRevert = (revertData === void 0 || revertData.trim() === "0x") && gasEstimate.revertFlags === 1n;
+  if (isBareRevert && BARE_REVERT_DIAGNOSTIC_FUNCTIONS.has(functionName)) {
+    lines.push(
+      `  diagnostic: bare-revert (empty 0x). Most common causes:`,
+      `    1. Origin not actually mapped on-chain. Try BULLETIN_DEPLOY_DEBUG_DOTNS_TX=1 to log calldata, then run`,
+      `       \`node tools/dotns-dry-run.mjs <label>\` against the env's Asset Hub RPC to reproduce in isolation.`,
+      `    2. Contract precondition (e.g. commitment too new). dotns-dry-run.mjs will surface the contract-side state.`,
+      `  hint: prepend --fresh to dotns-dry-run.mjs to use a brand-new unmapped substrate origin \u2014`,
+      `        if the revert ONLY reproduces with --fresh, it's the account-mapping bug.`
+    );
+  }
   return lines.join("\n");
 }
+function __formatContractDryRunFailureForTest(gasEstimate, context) {
+  return formatContractDryRunFailure(gasEstimate, context);
+}
 function unwrapExecutionResult(rawResult) {
   if (!rawResult) return { ok: null, err: null, successFlag: null };
   if (typeof rawResult.success === "boolean") {
@@ -579,6 +595,17 @@ var ReviveClientWrapper = class _ReviveClientWrapper {
   async submitTransaction(contractAddress, value, encodedData, signerSubstrateAddress, signer, statusCallback, { rpcs, useNoncePolling, functionName, args, contracts }) {
     await this.ensureAccountMapped(signerSubstrateAddress, signer);
     const signerEvmAddress = await this.getEvmAddress(signerSubstrateAddress);
+    if (functionName === "register") {
+      try {
+        const stillMapped = await this.checkIfAccountMapped(signerSubstrateAddress);
+        if (!stillMapped) {
+          captureWarning("account mapping not confirmed on-chain immediately before register dry-run", {
+            signer: signerSubstrateAddress
+          });
+        }
+      } catch {
+      }
+    }
     const gasEstimate = await this.estimateGasForCall(signerSubstrateAddress, contractAddress, value, encodedData);
     if (!gasEstimate.success) {
       throw new Error(formatContractDryRunFailure(gasEstimate, {
@@ -608,6 +635,22 @@ var ReviveClientWrapper = class _ReviveClientWrapper {
     return await this.signAndSubmitWithRetry(buildExtrinsic, signer, statusCallback, "Revive.call", { nonceFallback });
   }
 };
+var DOTNS_CONTEXT_HEX_LOWER = "0x646f746e73000000000000000000000000000000000000000000000000000000";
+function formatPersonhoodRemediation(state, environmentId) {
+  if (environmentId !== "paseo-next-v2") {
+    return "Self-attestation is no longer available. Contact the DotNS team for whitelisting / Personhood status help.";
+  }
+  switch (state.state) {
+    case "not-bound":
+      return "Your account has no DotNS alias binding on paseo-next-v2. Visit https://sudo.personhood.dev/dotns-bootstrap to complete the recognition and binding steps, or run `tools/personhood-bootstrap.mjs --mnemonic <your-mnemonic>` once Stage 2 of the bootstrap tooling lands.";
+    case "bound-likely-stale":
+      return "Your alias binding exists but may have a stale ring revision. Run `node tools/reprove-alias.mjs --mnemonic <your-mnemonic> --env paseo-next-v2` to refresh the proof, then retry the registration.";
+    case "wrong-context":
+      return "Your alias binding exists but is for a different application context" + (state.storedContextHex ? ` (context: ${state.storedContextHex})` : "") + ". Re-bind under the 'dotns' context using the bootstrap flow: https://sudo.personhood.dev/dotns-bootstrap";
+    case "bound-fresh":
+      return "Self-attestation is no longer available. Contact the DotNS team for whitelisting / Personhood status help.";
+  }
+}
 var DotNS = class {
   client;
   clientWrapper;
@@ -623,6 +666,7 @@ var DotNS = class {
   _usesExternalSigner = false;
   _contracts = CONTRACTS;
   _nativeToEthRatio = NATIVE_TO_ETH_RATIO;
+  _environmentId = null;
   constructor() {
     this.client = null;
     this.clientWrapper = null;
@@ -640,6 +684,9 @@ var DotNS = class {
     if (options.contracts && Object.keys(options.contracts).length > 0) {
       this._contracts = { ...CONTRACTS, ...options.contracts };
     }
+    if (options.environmentId) {
+      this._environmentId = options.environmentId;
+    }
     const rpc = options.rpc || process.env.DOTNS_RPC || this.assetHubEndpoints[0];
     this.rpc = rpc;
     this._usesExternalSigner = Boolean(options.signer && options.signerAddress);
@@ -788,6 +835,31 @@ var DotNS = class {
     this._testnetCache = isTestnetSpecName(rpc) || rpc.includes("paseo") || rpc.includes("westend") || rpc.includes("rococo");
     return this._testnetCache;
   }
+  /**
+   * Classify the AliasAccounts state for a substrate address.
+   * Only called on paseo-next-v2 testnets inside the preflight's NoStatus branch.
+   * Returns "not-bound" if the chain is unreachable (safe fallback to generic advice).
+   */
+  async classifyAliasAccountState(ss58) {
+    if (!this.clientWrapper) return { state: "not-bound" };
+    try {
+      const api = this.clientWrapper.client;
+      const row = await api.query.AliasAccounts.AccountToAlias.getValue(ss58, { at: "best" });
+      if (!row) return { state: "not-bound" };
+      const contextHex = typeof row.ca?.context === "string" ? row.ca.context.toLowerCase() : "";
+      const paid = Boolean(row.paid);
+      const revision = Number(row.revision ?? 0);
+      if (paid && contextHex === DOTNS_CONTEXT_HEX_LOWER) {
+        return { state: "bound-likely-stale", storedContextHex: contextHex, paid, revision };
+      }
+      if (!paid || contextHex !== DOTNS_CONTEXT_HEX_LOWER) {
+        return { state: "wrong-context", storedContextHex: contextHex, paid, revision };
+      }
+      return { state: "bound-fresh", storedContextHex: contextHex, paid, revision };
+    } catch {
+      return { state: "not-bound" };
+    }
+  }
   // Free PAS balance for a substrate address on the connected DotNS chain.
   // Used by preflight to gate the deploy on whether the signer can pay tx
   // fees before the chunk upload runs. Returns 0n if the account doesn't
@@ -1342,6 +1414,30 @@ var DotNS = class {
             signerFreeBalance
           };
         }
+        if (userStatus === ProofOfPersonhoodStatus.NoStatus && isTestnet && this._environmentId === "paseo-next-v2" && this.substrateAddress) {
+          const aliasState = await this.classifyAliasAccountState(this.substrateAddress);
+          const remediationMessage = formatPersonhoodRemediation(aliasState, this._environmentId);
+          const currentName2 = popStatusName(userStatus);
+          const requiredName2 = popStatusName(classification.status);
+          return {
+            label: validated,
+            classification,
+            userStatus,
+            trailingDigits,
+            baselength,
+            isAvailable: true,
+            existingOwner: null,
+            isBaseNameReserved: isReserved,
+            reservationOwner,
+            isTestnet,
+            canProceed: false,
+            reason: `${validated}.dot requires ${requiredName2}, but this signer is ${currentName2}. ${remediationMessage}`,
+            plannedAction: "abort",
+            needsPopUpgrade: false,
+            targetPopStatus,
+            signerFreeBalance
+          };
+        }
         const currentName = popStatusName(userStatus);
         const requiredName = popStatusName(classification.status);
         return {
@@ -1471,6 +1567,57 @@ var DotNS = class {
       return { label, owner: this.evmAddress };
     });
   }
+  /**
+   * Reprove a stale DotNS alias binding.
+   * Opens a People-chain client internally, builds the ring proof, and submits
+   * reprove_alias_account on AH. Use when the alias exists but the ring root
+   * has advanced past the stored revision.
+   *
+   * Requires a mnemonic — the DotNS instance must have been connected with one.
+   */
+  async reprove(mnemonic) {
+    this.ensureConnected();
+    if (!this.substrateAddress || !this.signer) {
+      throw new Error("reprove: DotNS must be connected with a signer");
+    }
+    const envId = this._environmentId ?? "paseo-next-v2";
+    const { connectPeopleClient } = await import("./personhood/people-client.js");
+    const { reproveAliasToAccount } = await import("./personhood/reprove.js");
+    const { deriveMemberEntropy, deriveMemberKey } = await import("./personhood/member-key.js");
+    const verifiable = await import("verifiablejs/nodejs");
+    const memberEntropy = deriveMemberEntropy(mnemonic);
+    const memberKey = deriveMemberKey(mnemonic);
+    const peopleConn = await connectPeopleClient(envId);
+    try {
+      const result = await reproveAliasToAccount({
+        peopleUnsafeApi: peopleConn.unsafeApi,
+        ahUnsafeApi: this.clientWrapper.client,
+        account: this.substrateAddress,
+        memberKey,
+        signCall: this.signer,
+        buildRingProof: async ({ members, context, msg }) => {
+          const r = verifiable.one_shot(memberEntropy, members, context, msg);
+          return { proof: r.proof, alias: r.alias };
+        }
+      });
+      return result;
+    } finally {
+      peopleConn.disconnect();
+    }
+  }
+  /**
+   * Run the personhood bootstrap flow for this DotNS signer.
+   * Idempotent: each step is gated on chain state being "still needs doing".
+   * Does NOT auto-run from preflight — call explicitly.
+   *
+   * Throws RecognizeRequiredError if the account hasn't been recognized by the
+   * personhood faucet (https://sudo.personhood.dev/personhood-faucet).
+   */
+  async bootstrap(mnemonic) {
+    const { runBootstrap } = await import("./personhood/bootstrap.js");
+    const envId = this._environmentId ?? "paseo-next-v2";
+    return runBootstrap({ mnemonic, environmentId: envId });
+  }
   disconnect() {
     if (this.client) {
       this.client.destroy();
@@ -1503,6 +1650,7 @@ export {
   verifyNonceAdvanced,
   ProofOfPersonhoodStatus,
   convertToHexString,
+  __formatContractDryRunFailureForTest,
   DOT_NODE,
   convertWeiToNative,
   computeDomainTokenId,
@@ -1517,6 +1665,7 @@ export {
   parseDomainName,
   parseProofOfPersonhoodStatus,
   popStatusName,
+  formatPersonhoodRemediation,
   DotNS,
   dotns
 };

package/dist/chunk-EJ5TNGAY.js

@@ -0,0 +1,24 @@
+import {
+  blake2b256Keyed
+} from "./chunk-UPWEOGLQ.js";
+import {
+  MEMBER_ENTROPY_KEY
+} from "./chunk-T7EEVWNU.js";
+
+// src/personhood/member-key.ts
+import { mnemonicToEntropy } from "@polkadot-labs/hdkd-helpers";
+import * as verifiable from "verifiablejs/nodejs";
+function deriveMemberEntropy(mnemonic) {
+  const normalized = mnemonic.trim().split(/\s+/).join(" ");
+  const bip39Entropy = mnemonicToEntropy(normalized);
+  return blake2b256Keyed(bip39Entropy, MEMBER_ENTROPY_KEY);
+}
+function deriveMemberKey(mnemonic) {
+  const entropy = deriveMemberEntropy(mnemonic);
+  return verifiable.member_from_entropy(entropy);
+}
+
+export {
+  deriveMemberEntropy,
+  deriveMemberKey
+};

package/dist/{chunk-RJAFD4LO.js → chunk-FSSKFXTZ.js}

@@ -1,6 +1,6 @@
 import {
   VERSION
-} from "./chunk-2VNGK2MU.js";
+} from "./chunk-WNUWAA6F.js";
 
 // src/version-check.ts
 import { execSync, execFileSync } from "child_process";

package/dist/{chunk-ZY6QLNKQ.js → chunk-KFHGT4A2.js}

@@ -1,6 +1,6 @@
 import {
   captureWarning
-} from "./chunk-2VNGK2MU.js";
+} from "./chunk-WNUWAA6F.js";
 
 // src/chunk-probe.ts
 import { Twox128, Blake2128Concat, decAnyMetadata, unifyMetadata } from "@polkadot-api/substrate-bindings";

package/dist/{chunk-MJTQOXBC.js → chunk-LEYQOOWC.js}

@@ -6,7 +6,6 @@ function countByReason(probe, reason) {
 function computeStats(input) {
   const present = input.probeResults.filter((r) => r.present === true);
   const failed = input.probeResults.filter((r) => r.present === null);
-  const presentInPrev = present.filter((r) => input.prevChunks[r.cid] != null);
   const recycled = present.filter((r) => input.prevChunks[r.cid] == null);
   return {
     manifestSource: input.manifestSource,
@@ -25,6 +24,7 @@ function computeStats(input) {
     probeFailedMetadata: countByReason(input.probeResults, "metadata_error"),
     recycledCids: recycled.length,
     retentionPeriodBlocks: input.retentionPeriodBlocks,
+    bytesProbePresent: input.bytesProbePresent,
     bytesSkipped: input.bytesSkipped,
     bytesUploaded: input.bytesUploaded,
     chunksTotal: input.chunksTotal,
@@ -34,7 +34,7 @@ function computeStats(input) {
     section0Bytes: input.sectionSizes.section0,
     section1Bytes: input.sectionSizes.section1,
     section2Bytes: input.sectionSizes.section2,
-    estimatedSecondsSaved: Math.round(SECONDS_PER_PROBE_SKIP * presentInPrev.length),
+    estimatedSecondsSaved: Math.round(SECONDS_PER_PROBE_SKIP * present.length),
     tier2VerifiedCount: input.tier2VerifiedCount,
     tier2InconclusiveCount: input.tier2InconclusiveCount,
     tier2FallbackCount: input.tier2FallbackCount
@@ -63,6 +63,7 @@ function telemetryAttributes(s) {
     "deploy.cache.chunks_total": String(s.chunksTotal),
     "deploy.cache.chunks_uploaded": String(s.chunksUploaded),
     "deploy.cache.chunks_skipped": String(s.chunksSkipped),
+    "deploy.cache.bytes_probe_present": String(s.bytesProbePresent),
     "deploy.cache.bytes_skipped": String(s.bytesSkipped),
     "deploy.cache.bytes_uploaded": String(s.bytesUploaded),
     "deploy.cache.car_bytes": String(s.carBytes),

package/dist/chunk-QHOZEY5X.js

@@ -0,0 +1,231 @@
+import {
+  blake2_256,
+  bytesToHex,
+  concatBytes,
+  encodeMembers,
+  hexToBytes
+} from "./chunk-ZYVGHDMU.js";
+import {
+  PAID_PROOF_TAG,
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PGAS_ASSET_ID,
+  PGAS_ASSET_LOCATION,
+  PROOF_BYTES
+} from "./chunk-T7EEVWNU.js";
+
+// src/personhood/bind-paid-alias.ts
+import { getSs58AddressInfo } from "polkadot-api";
+var PaidAliasBindingError = class extends Error {
+  kind;
+  dispatchError;
+  constructor(message, options = {}) {
+    super(message, options);
+    this.name = "PaidAliasBindingError";
+    this.kind = options.kind ?? "Unknown";
+    this.dispatchError = options.dispatchError;
+  }
+};
+var bindPaidAliasToAccount = async ({
+  peopleUnsafeApi,
+  ahUnsafeApi,
+  account,
+  memberKey,
+  contextBytes,
+  signCall,
+  buildRingProof,
+  progress
+}) => {
+  const people = peopleUnsafeApi;
+  const ah = ahUnsafeApi;
+  if (memberKey.length !== 32) {
+    throw new PaidAliasBindingError("memberKey must be 32 bytes", {
+      kind: "ClientError"
+    });
+  }
+  if (contextBytes.length !== 32) {
+    throw new PaidAliasBindingError("contextBytes must be 32 bytes", {
+      kind: "ClientError"
+    });
+  }
+  const fee = await ah.query.AliasAccounts.PaidAliasFee.getValue({ at: "best" });
+  if (fee === void 0) {
+    throw new PaidAliasBindingError(
+      "AliasAccounts.PaidAliasFee is unset \u2014 needs sudo `set_paid_alias_fee`",
+      { kind: "PaidAliasFeeUnset" }
+    );
+  }
+  const pgas = await ah.query.Assets.Account.getValue(
+    PGAS_ASSET_ID,
+    account,
+    { at: "best" }
+  );
+  const pgasBalance = pgas?.balance ?? 0n;
+  if (pgasBalance < fee) {
+    throw new PaidAliasBindingError(
+      `signer has ${pgasBalance.toString()} PGAS but PaidAliasFee is ${fee.toString()} \u2014 claim PGAS first`,
+      { kind: "InsufficientPgas" }
+    );
+  }
+  const position = await people.query.Members.Members.getValue(
+    PEOPLE_MEMBER_IDENTIFIER_HEX,
+    bytesToHex(memberKey),
+    { at: "best" }
+  );
+  if (!position || position.type !== "Included") {
+    throw new PaidAliasBindingError(
+      `member position is '${position?.type ?? "absent"}', expected 'Included'`,
+      { kind: "NotARecognizedPerson" }
+    );
+  }
+  const ringIndex = position.value.ring_index;
+  const allEntries = await people.query.Members.RingKeys.getEntries({
+    at: "best"
+  });
+  const pages = [];
+  const identHex = PEOPLE_MEMBER_IDENTIFIER_HEX.toLowerCase();
+  for (const entry of allEntries) {
+    if (entry.keyArgs[0].toLowerCase() !== identHex) continue;
+    if (Number(entry.keyArgs[1]) !== ringIndex) continue;
+    pages.push([Number(entry.keyArgs[2]), [...entry.value]]);
+  }
+  pages.sort((a, b) => a[0] - b[0]);
+  const ringKeys = pages.flatMap(([, ks]) => ks);
+  if (ringKeys.length === 0) {
+    throw new PaidAliasBindingError("ring has no members on People", {
+      kind: "ClientError"
+    });
+  }
+  const membersBytes = encodeMembers(ringKeys.map((k) => hexToBytes(k)));
+  const collectionId = await ah.constants.AliasAccounts.PeopleCollectionIdentifier();
+  const ringExp = await ah.constants.AliasAccounts.PeopleRingExponent();
+  const ringExponent = ringExp.type === "R2e9" ? 9 : ringExp.type === "R2e10" ? 10 : 14;
+  const ringRoots = await ah.query.MembersSubscriber.RingRoots.getValue(
+    collectionId,
+    ringIndex,
+    { at: "best" }
+  );
+  if (!ringRoots || ringRoots.length === 0) {
+    throw new PaidAliasBindingError(
+      "AH has no RingRoots for this (collection, ring_index)",
+      { kind: "RingRootNotFound" }
+    );
+  }
+  const latest = ringRoots[ringRoots.length - 1];
+  const revision = latest.revision;
+  const ss58Info = getSs58AddressInfo(account);
+  if (!ss58Info.isValid) {
+    throw new PaidAliasBindingError(`invalid SS58: ${account}`, {
+      kind: "ClientError"
+    });
+  }
+  const paidMsg = blake2_256(concatBytes(PAID_PROOF_TAG, ss58Info.publicKey));
+  const { proof, alias } = await buildRingProof({
+    ringExponent,
+    members: membersBytes,
+    context: contextBytes,
+    msg: paidMsg
+  });
+  if (proof.length !== PROOF_BYTES) {
+    throw new PaidAliasBindingError(
+      `ring proof must be ${PROOF_BYTES} bytes, got ${proof.length}`,
+      { kind: "ClientError" }
+    );
+  }
+  const tx = ah.tx.AliasAccounts.set_paid_alias_account({
+    proof: bytesToHex(proof),
+    collection: collectionId,
+    ring_index: ringIndex,
+    ring_revision: revision,
+    context: bytesToHex(contextBytes)
+  });
+  const submitOptions = {
+    customSignedExtensions: {
+      ChargeAssetTxPayment: {
+        value: { tip: 0n, asset_id: PGAS_ASSET_LOCATION }
+      }
+    }
+  };
+  const blockHash = await new Promise((resolve, reject) => {
+    let settled = false;
+    const fail = (err) => {
+      if (settled) return;
+      settled = true;
+      reject(err);
+    };
+    const succeed = (h) => {
+      if (settled) return;
+      settled = true;
+      resolve(h);
+    };
+    tx.signSubmitAndWatch(signCall, submitOptions).subscribe({
+      next: (event) => {
+        if (settled) return;
+        const ev = event;
+        if (ev.type === "broadcasted") {
+          progress?.onBroadcasted?.();
+          return;
+        }
+        if (ev.type === "txBestBlocksState" && ev.found) {
+          if (ev.ok === false) {
+            fail(
+              new PaidAliasBindingError(
+                "set_paid_alias_account dispatched but failed in-block",
+                {
+                  kind: narrowDispatchError(ev.dispatchError),
+                  dispatchError: ev.dispatchError
+                }
+              )
+            );
+            return;
+          }
+          if (ev.block) progress?.onBestBlock?.(ev.block.hash);
+          return;
+        }
+        if (ev.type === "finalized") {
+          if (ev.ok === false) {
+            fail(
+              new PaidAliasBindingError(
+                "set_paid_alias_account failed at finalization",
+                {
+                  kind: narrowDispatchError(ev.dispatchError),
+                  dispatchError: ev.dispatchError
+                }
+              )
+            );
+            return;
+          }
+          if (ev.block) succeed(ev.block.hash);
+        }
+      },
+      error: (err) => {
+        fail(
+          err instanceof PaidAliasBindingError ? err : new PaidAliasBindingError(
+            err instanceof Error ? `RPC rejected extrinsic: ${err.message}` : "RPC error during submitAndWatch",
+            { cause: err, kind: "RpcError" }
+          )
+        );
+      }
+    });
+  });
+  return { blockHash, alias };
+};
+var narrowDispatchError = (dispatchError) => {
+  if (typeof dispatchError === "object" && dispatchError !== null && "type" in dispatchError) {
+    const d = dispatchError;
+    if (d.type === "Module" && typeof d.value === "object" && d.value !== null) {
+      const v = d.value;
+      if (v.type === "AliasAccounts" && v.value?.type === "BadProof") {
+        return "BadProof";
+      }
+      if (v.type === "AliasAccounts" && v.value?.type === "PaidAliasFeeUnset") {
+        return "PaidAliasFeeUnset";
+      }
+    }
+  }
+  return "DispatchError";
+};
+
+export {
+  PaidAliasBindingError,
+  bindPaidAliasToAccount
+};

package/dist/{chunk-BFXHVC23.js → chunk-SPWQNU3F.js}

@@ -2,7 +2,7 @@ import {
   computeStats,
   renderSummary,
   telemetryAttributes
-} from "./chunk-MJTQOXBC.js";
+} from "./chunk-LEYQOOWC.js";
 import {
   finaliseEmbeddedManifest,
   writeEmbeddedManifestPlaceholder
@@ -20,10 +20,10 @@ import {
 } from "./chunk-S7EM5VMW.js";
 import {
   setDeployContext
-} from "./chunk-SA37SLYF.js";
+} from "./chunk-V5NUBOEX.js";
 import {
   probeChunks
-} from "./chunk-ZY6QLNKQ.js";
+} from "./chunk-KFHGT4A2.js";
 import {
   packSection
 } from "./chunk-C2TS5MER.js";
@@ -34,7 +34,7 @@ import {
   parseDomainName,
   popStatusName,
   verifyNonceAdvanced
-} from "./chunk-VTTN4BX7.js";
+} from "./chunk-CIXT75OF.js";
 import {
   derivePoolAccounts,
   detectTestnet,
@@ -42,7 +42,7 @@ import {
   fetchPoolAuthorizations,
   selectAccount,
   topUpBy
-} from "./chunk-4TS6R26J.js";
+} from "./chunk-WVCIU6WM.js";
 import {
   VERSION,
   captureWarning,
@@ -56,7 +56,7 @@ import {
   truncateAddress,
   withDeploySpan,
   withSpan
-} from "./chunk-2VNGK2MU.js";
+} from "./chunk-WNUWAA6F.js";
 import {
   DEFAULT_ENV_ID,
   loadEnvironments,
@@ -395,7 +395,7 @@ function assignDenseNonces(stored, startNonce) {
   return nonces;
 }
 var __assignDenseNoncesForTest = assignDenseNonces;
-async function storeChunkedContent(chunks, { client: existingClient, unsafeApi: existingApi, signer: existingSigner, ss58: existingSS58, reconnect, fetchNonce: fetchNonceOverride, skipCids, probeFailedCids, gateway: providerGateway } = {}) {
+async function storeChunkedContent(chunks, { client: existingClient, unsafeApi: existingApi, signer: existingSigner, ss58: existingSS58, reconnect, fetchNonce: fetchNonceOverride, skipCids, probeFailedCids, gateway: providerGateway, bulletinAuthorizeV2 } = {}) {
   const _fetchNonce = fetchNonceOverride ?? fetchNonce;
   console.log(`
    Chunks: ${chunks.length}`);
@@ -461,11 +461,13 @@ async function storeChunkedContent(chunks, { client: existingClient, unsafeApi:
   const bytesRemaining = uploadAuth ? BigInt(uploadAuth.extent.bytes_allowance) - BigInt(uploadAuth.extent.bytes) : 0n;
   const isAuthorized = uploadAuth !== void 0 && Number(uploadAuth.expiration ?? 0) > currentBlockNum;
   if (!isAuthorized || txsRemaining < requiredTxs || bytesRemaining < requiredBytes) {
+    const txsRemainingDisplay = txsRemaining < 0n ? 0n : txsRemaining;
+    const bytesRemainingDisplay = bytesRemaining < 0n ? 0n : bytesRemaining;
     console.log(`
-   Account needs re-authorization (authorized=${isAuthorized}, need ${requiredTxs} txs / ${(totalBytes / 1e6).toFixed(1)}MB, have ${txsRemaining} txs / ${Number(bytesRemaining) / 1e6}MB)`);
+   Account needs re-authorization (authorized=${isAuthorized}, need ${requiredTxs} txs / ${(totalBytes / 1e6).toFixed(1)}MB, have ${txsRemainingDisplay} txs / ${(Number(bytesRemainingDisplay) / 1e6).toFixed(2)}MB)`);
     console.log(`   Attempting to re-authorize with Alice...`);
     try {
-      await ensureAuthorized(unsafeApi, ss58);
+      await ensureAuthorized(unsafeApi, ss58, void 0, bulletinAuthorizeV2, { txs: requiredTxs, bytes: requiredBytes });
       console.log(`   Re-authorization successful`);
     } catch (e) {
       throw new NonRetryableError(`Account ${ss58} has insufficient Bulletin authorization and auto-authorization via Alice failed (${e.message}). Authorize the account on-chain.`);
@@ -1024,11 +1026,11 @@ async function storeDirectoryV2(directoryPath, opts = {}) {
   const probe = carChunkCidsA.length > 0 ? await withSpan("deploy.chain-probe", "2. chain probe", { "deploy.probe.total": carChunkCidsA.length }, () => probeChunks(carChunkCidsA, { client: provider.client })) : [];
   const skipCids = /* @__PURE__ */ new Set();
   const probeFailedCidsA = /* @__PURE__ */ new Set();
-  let bytesSkipped = 0;
+  let bytesProbePresent = 0;
   for (let i = 0; i < probe.length; i++) {
     if (probe[i].present === true) {
       skipCids.add(carChunkCidsA[i]);
-      bytesSkipped += carChunksA[i].length;
+      bytesProbePresent += carChunksA[i].length;
     } else if (probe[i].present === null) {
       probeFailedCidsA.add(carChunkCidsA[i]);
     }
@@ -1165,6 +1167,7 @@ async function storeDirectoryV2(directoryPath, opts = {}) {
     probeResults: probe,
     prevChunks: prevManifest?.chunks ?? {},
     retentionPeriodBlocks,
+    bytesProbePresent,
     bytesSkipped: bytesSkippedB,
     bytesUploaded: bytesUploadedB,
     chunksTotal: phaseB.chunks.length,
@@ -1182,15 +1185,16 @@ async function storeDirectoryV2(directoryPath, opts = {}) {
   console.log("\n" + renderSummary(stats));
   return { storageCid, ipfsCid: phaseB.cid, carBytes: phaseB.carBytes };
 }
-function resolveDotnsConnectOptions(options, assetHubEndpoints, autoAccountMapping, contracts, nativeToEthRatio) {
+function resolveDotnsConnectOptions(options, assetHubEndpoints, autoAccountMapping, contracts, nativeToEthRatio, environmentId) {
   const tail = assetHubEndpoints && assetHubEndpoints.length > 0 ? { assetHubEndpoints } : {};
   const mappingTail = autoAccountMapping ? { autoAccountMapping } : {};
   const contractsTail = contracts && Object.keys(contracts).length > 0 ? { contracts } : {};
   const ratioTail = nativeToEthRatio ? { nativeToEthRatio } : {};
+  const envTail = environmentId ? { environmentId } : {};
   if (options.signer && options.signerAddress) {
-    return { signer: options.signer, signerAddress: options.signerAddress, ...tail, ...mappingTail, ...contractsTail, ...ratioTail };
+    return { signer: options.signer, signerAddress: options.signerAddress, ...tail, ...mappingTail, ...contractsTail, ...ratioTail, ...envTail };
   }
-  return { mnemonic: options.mnemonic, derivationPath: options.derivationPath, ...tail, ...mappingTail, ...contractsTail, ...ratioTail };
+  return { mnemonic: options.mnemonic, derivationPath: options.derivationPath, ...tail, ...mappingTail, ...contractsTail, ...ratioTail, ...envTail };
 }
 async function estimateUploadBytes(content) {
   try {
@@ -1328,7 +1332,7 @@ async function deploy(content, domainName = null, options = {}) {
         }
       }
       provider = await reconnect();
-      const providerWithReconnect = { ...provider, reconnect };
+      const providerWithReconnect = { ...provider, reconnect, bulletinAuthorizeV2: envBulletinAuthorizeV2 };
       const [isTestnet, estimated] = await Promise.all([
         detectTestnet(provider.unsafeApi),
         estimateUploadBytes(content)
@@ -1337,7 +1341,7 @@ async function deploy(content, domainName = null, options = {}) {
         const uploadBytes = Math.ceil(estimated * 1.2);
         const chunksNeeded = Math.max(1, Math.ceil(uploadBytes / CHUNK_SIZE));
         const needs = { txs: BigInt(chunksNeeded + 2), bytes: BigInt(uploadBytes) };
-        await topUpBy(provider.unsafeApi, provider.ss58, needs, "uploader");
+        await topUpBy(provider.unsafeApi, provider.ss58, needs, "uploader", envBulletinAuthorizeV2);
       }
       console.log("\n" + "=".repeat(60));
       console.log("Storage");
@@ -1502,7 +1506,7 @@ async function deploy(content, domainName = null, options = {}) {
       console.log("=".repeat(60));
       await withSpan("deploy.dotns", "2. dotns", { "deploy.domain": name, "deploy.subdomain": String(parsed?.isSubdomain ?? false) }, async () => {
         const dotns = new DotNS();
-        await dotns.connect(resolveDotnsConnectOptions(options, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio));
+        await dotns.connect(resolveDotnsConnectOptions(options, envAssetHub, envAutoAccountMapping, envContracts, envNativeToEthRatio, envId));
         if (parsed?.isSubdomain) {
           const { owned, owner } = await dotns.checkSubdomainOwnership(parsed.sublabel, parsed.parentLabel);
           if (owned) {